What happened on 1/14/2016 DDoS attack?

Discussion in 'General troubleshooting' started by Alex Kintner, Jan 15, 2016.

  1. I think it would be useful for WinHost to post an Incident Report so we can harden our own website against future attacks. Information is Power.

    - What specifically caused the incident? WinHost tweets said it was internal sites producing massive outbound network traffic. Pretty vague.
    - So was it infected sites that became part of a BotNet?
    - What can we look for in our own sites to see if we've been infected?
    - Are there specific site settings that will help prevent a future infection?
     
  2. Totally agree! What they communicate and do AFTER the outage tells me what I will do with the 8 hosted accounts I have with them. The lack of an update has got me looking for other hosting companies.
     
  3. Yes.

    We sent email to everyone on Friday (after you guys posted here) that explains what happened.

    That's a good question.

    The vast majority of compromised sites are compromised via a third party application that isn't updated or patched. Where we usually see this is with WordPress (and its thousands of plugins), but it really applies to any similar application. The fix is easy: keep the application (and plugins) up to date.

    The problem we often see though is when one of these applications is installed and then not used or abandoned, then it falls out of date and eventually becomes a target for exploit.

    And of course SQL injection can be used to exploit code that you write yourself, typically something for data entry or file uploads. That's a bit more difficult to fix, because everyone writes those things differently. But the main thing you want to do is validate, sanitize, escape, etc. the input to any submission form or upload tool.

    But the third party apps are where the bulk of the problem lies.
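
An added example, not part of the thread and not WinHost's tooling: one way to look for the installed-then-abandoned applications post 3 describes, by listing every WordPress install under a web root (forgotten subfolders included) with its core and plugin versions and flagging cores that have not been updated recently. It assumes the stock WordPress layout, file modification times preserved from the server, and an arbitrary 180-day threshold; all function names are hypothetical.

```python
import os
import re
import time

# Assumes stock WordPress: core version in wp-includes/version.php, plugin "Version:" header.
CORE_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")
PLUGIN_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)
STALE_DAYS = 180  # assumed threshold; tune to your own patch cadence

def _head(path, size=8192):
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.read(size)

def _age_days(path, now):
    return int((now - os.path.getmtime(path)) // 86400)

def plugin_inventory(plugins_dir, now):
    """Map plugin folder -> (version or None, days since its main file changed)."""
    found = {}
    if not os.path.isdir(plugins_dir):
        return found
    for plugin in sorted(os.listdir(plugins_dir)):
        pdir = os.path.join(plugins_dir, plugin)
        if not os.path.isdir(pdir):
            continue
        found[plugin] = (None, None)
        for name in sorted(os.listdir(pdir)):
            path = os.path.join(pdir, name)
            m = PLUGIN_RE.search(_head(path)) if name.endswith(".php") else None
            if m:
                found[plugin] = (m.group(1), _age_days(path, now))
                break
    return found

def inventory(web_root, now=None, stale_days=STALE_DAYS):
    """Report every WordPress install under web_root, including forgotten subfolders."""
    now = time.time() if now is None else now
    report = []
    for root, dirs, _files in os.walk(web_root):
        vfile = os.path.join(root, "wp-includes", "version.php")
        if not os.path.isfile(vfile):
            continue
        # Skip WordPress's own folders but keep walking siblings for nested installs.
        dirs[:] = [d for d in dirs if d not in ("wp-admin", "wp-includes", "wp-content")]
        m = CORE_RE.search(_head(vfile))
        age = _age_days(vfile, now)
        report.append({"path": root, "core": m.group(1) if m else None,
                       "core_age_days": age, "stale": age >= stale_days,
                       "plugins": plugin_inventory(os.path.join(root, "wp-content", "plugins"), now)})
    return report
```

Compare the reported versions against the current releases of WordPress and each plugin; an install flagged `stale` that nobody uses is a candidate for removal rather than patching.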
     
  4. Thanks Michael. I did get the email. And I'm reading the "validate, sanitize, escape" link now -- good info.
     
  5. So after reading the email sent out regarding this issue, I understand that now XML-RPC is probably being blocked - is that correct? If so, for those of us using the Jetpack plugin for WordPress, and attempting to use the IFTTT service to connect up to our respective site(s) through WP, what options do we have now, if any? (Specifically, I was hoping to use an Instagram to WordPress recipe to be able to auto-post IG photos to my site.)

    Thanks!
     
  6. curtis (Winhost Staff)

    Please open a support ticket. Thanks.
     
